Size matters when it comes to email attacks

Of course all companies are vulnerable to email threats, but analysis by Barracuda of targeted email attacks over the past year, reveals that organizations are vulnerable in different ways, according to their size.

Lateral phishing -- where attacks are sent to mailboxes across the organization from an already compromised internal account -- makes up just under half (42 percent) of targeted email threats against organizations with 2,000 employees or more, but just two percent of attacks against companies with up to 100 employees.

Smaller companies on the other hand are the most likely to be hit with external phishing attacks. These account for 71 percent of targeted email threats in 12 months, compared to 41 percent for the largest companies.

Smaller companies also experience around three times as many extortion attacks as their larger counterparts. Extortion attacks comprised seven percent of targeted incidents for the smallest businesses, compared to two percent for those with 2,000 employees or more.

The prevalence of business email compromise (BEC) and conversation hijacking remains relatively consistent regardless of company size.

"All companies, regardless of their size, are vulnerable to email threats, but they are vulnerable in different ways," says Olesia Klevchuk, director, product marketing at Barracuda. "Larger companies, with many mailboxes and employees, offer attackers more potential entry points, multiple communication channels to disseminate malicious messages across the business, and employees who are likely to trust email messages that appear to come from within the organization, even if the sender is unfamiliar to them. Smaller companies, on the other hand, are less likely to have layered security in place and more likely to have misconfigured email filters due to a lack of in-house skills and resources."

You can read more on the Barracuda blog.

Image credit: denismagilov/depositphotos.com